Create a certificate so users do not get this site is insecure message. We will create a certificate with Powershell and then use OpenSSL to get the files we need.

5 Steps total

Step 1: Create the certificate with Powershell

Open elevated powershell prompt
Commands:
$expire = $(Get-Date).AddYears(10) # Cert will be good for 10 years
New-SelfSignedCertificate -Subject [hostname of server] -NotAfter $expire -DnsName [list the hostname and any other names the site will resolve to, ie ithelpdesk]

The certificate will be in your personal certificate store

Step 2: Export certificate

Type mmc in your powershell prompt
In the MMC console that just opened, go File - Add/Remove Snap-in
Select Certificates and click add to bring it over to right side, select computer account, local computer
Go to Personal - Certificates
Right Click the certificate - All Tasks - Export
Select Yes, export the private key check all but "delete the private key...."
Use a password
Save the certificate and remember the name, location and password you used

Export the certificate again without private key as a .cer file, and install into "Trusted Root Certification Authorities"